CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

OpenSSL 缓冲区错误漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

PT-2026-47856

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A heap out-of-bounds read can occur during CMS password-based decryption RFC 3211 / PWRI key unwrap when processing attacker-supplied CMS data. The issue arises in the kek unwrap key function...

OpenSSL 1.1.1 < 1.1.1zh Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1zh. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1zh advisory. - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption...

OpenSSL 1.0.2 < 1.0.2zq Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2zq. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zq advisory. - Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption...

PT-2026-47836

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur during the decryption of password-encrypted Cryptographic Message Syntax CMS messages. The issue arises because the OpenSSL CMS implementation dereference...

OpenSSL 代码问题漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...

FreeBSD-SA-26:35.openssl

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:35.openssl Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSL Category: contrib Module: openssl Announced: 2026-06-09 Credits:...

PT-2026-47838

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The CMS decrypt and PKCS7 decrypt functions are susceptible to a Bleichenbacher-style attack, which is an adaptive-chosen-ciphertext side channel. This allows an attacker to use a vulnerable...

Astra Linux - уязвимость в openssl1.0

In situations where an attacker receives automated notifications of the success or failure of a decryption attempt, an attacker can recover the CMS/PKCS7 transport encryption key after sending a very large number of messages to be decrypted. They can also decrypt any RSA-encrypted message encrypt...

CLSA-2026-1777567181 openssl: Fix of CVE-2026-28390

CVE-2026-28390: fix NULL pointer dereference in rsacmsdecrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...

NewStart CGSL MAIN 7.02 : tongsuo Vulnerability (NS-SA-2026-0039)

The remote NewStart CGSL host, running version MAIN 7.02, has tongsuo packages installed that are affected by a vulnerability: - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This...

NewStart CGSL MAIN 7.02 : openssl Vulnerability (NS-SA-2026-0038)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by a vulnerability: - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This...

Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.

Summary TSSC/IMC addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2025-14523 DESCRIPTION: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common...

Splunk Universal Forwarder 9.2.0 < 9.2.12, 9.3.0 < 9.3.9, 9.4.0 < 9.4.7, 10.0.0 < 10.0.3 (SVD-2026-0210)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0210 advisory. - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: openssl (UTSA-2026-005327)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005327 advisory. Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary:...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2026-1034)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1076)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...